my digital notebook


Tag Archives: authentication

For one reason or another, RHEL does not disallow incoming ssh connections as root. This is, of course, a glaring security problem that should be addressed on all systems that allow ssh connections from any but the most restricted networks.

The best practice, of course, would be to make the initial ssh connection as an unprivileged user and then use the “su” command to promote yourself to root. This way, even if an attacker managed to get into the system, it would be as an unprivileged user and they would not be able to do much harm. Allowing incoming ssh connections as root leaves you much more exposed to attack. Granted, your root password is still protecting you, but it becomes your only layer of defense.

Ok, so how do we disallow incoming ssh connections as root on our RHEL box?

So you have a RHEL system and you want to authenticate it against your Active Directory. The good news is that Red Hat has made it easy for you to do this. The bad news is that they only get the most basic structure working for you. Here I will show you how to get WinBind authentication working using Authconfig, and how to make it a little more seamless than this utility leaves it.

It should be noted that while this works perfectly well, it is really not the best way to authenticate users against a UNIX host. Given the option, having your users in OpenLDAP and PAM authenticating them against that would be a much better option. However, we don’t live in a perfect world, and sometimes we just have to make things work.

Let’s start by using authconfig to join your machine to the domain. This should all be done as the root user.

It looks like Pat Cavit, who runs Zilla Smash, has coded a nifty little plugin that allows WordPress to authenticate against an LDAP server. Needless to say, this has great potential for universities and organizations that have LDAP-based account provisioning and would like to offer blogging to large numbers of people.

So here’s version 1.01 of my LDAP Authentication plugin for WordPress 1.5.1. Note that this will NOT WORK with any previous version of WordPress. Installation is pretty simple: download, unzip into wp-content/plugins, activate, go to the “LDAP Options” menu and set up your LDAP information.